Documentation ¶
Index ¶
Constants ¶
View Source
const ( // KubeCube all the begin KubeCube = "kubecube" // Warden is willing to kubecube Warden = "warden" // ApiPathRoot the root api route ApiPathRoot = "/api/v1/cube" // LocalCluster the internal cluster where program stand with LocalCluster = "_local_cluster" // DefaultPivotCubeClusterIPSvc default pivot cube svc DefaultPivotCubeClusterIPSvc = "kubecube:7443" DefaultAuditURL = "http://audit:8888/api/v1/cube/audit/cube" )
View Source
const ( HttpHeaderContentType = "Content-type" HttpHeaderContentDisposition = "Content-Disposition" HttpHeaderContentTypeOctet = "application/octet-stream" ImpersonateUserKey = "Impersonate-User" ImpersonateGroupKey = "Impersonate-Group" )
http content
View Source
const ( EventName = "event" EventTypeUserWrite = "userwrite" EventResourceType = "resourceType" EventAccountId = "accountId" EventObjectName = "objectName" EventRespBody = "responseBody" AuthorizationHeader = "Authorization" DefaultTokenExpireDuration = 3600 // 1 hour )
audit and user constant
View Source
const ( K8sResourceVersion = "v1" K8sResourceNamespace = "namespaces" K8sResourcePod = "pods" K8sKindClusterRole = "ClusterRole" K8sKindRole = "Role" K8sKindServiceAccount = "ServiceAccount" K8sGroupRBAC = "rbac.authorization.k8s.io" )
k8s api resources
View Source
const ( PlatformAdmin = "platform-admin" TenantAdmin = "tenant-admin" ProjectAdmin = "project-admin" Reviewer = "reviewer" TenantAdminCluster = "tenant-admin-cluster" ProjectAdminCluster = "project-admin-cluster" ReviewerCluster = "reviewer-cluster" PlatformAdminAgLabel = "rbac.authorization.k8s.io/aggregate-to-platform-admin" TenantAdminAgLabel = "rbac.authorization.k8s.io/aggregate-to-tenant-admin" ProjectAdminAgLabel = "rbac.authorization.k8s.io/aggregate-to-project-admin" ReviewerAgLabel = "rbac.authorization.k8s.io/aggregate-to-reviewer" )
rbac related constant
View Source
const ( // ClusterLabel indicates the resource which cluster relate with ClusterLabel = "kubecube.io/cluster" // TenantLabel represent which tenant resource relate with TenantLabel = "kubecube.io/tenant" // ProjectLabel represent which project resource relate with ProjectLabel = "kubecube.io/project" // TenantNsPrefix represent the namespace which relate with tenant TenantNsPrefix = "kubecube-tenant-" // ProjectNsPrefix represent the namespace which relate with project ProjectNsPrefix = "kubecube-project-" // CubeQuotaLabel point to CubeResourceQuota CubeQuotaLabel = "kubecube.io/quota" // RbacLabel indicates the resource of rbac is related with kubecube RbacLabel = "kubecube.io/rbac" // RoleLabel indicates the role of rbac policy RoleLabel = "kubecube.io/role" // CrdLabel indicates the crds kubecube need to dispatch CrdLabel = "kubecube.io/crds" // SyncAnnotation use for sync logic of warden SyncAnnotation = "kubecube.io/sync" )
View Source
const ( // CubeNodeTaint is node taint that managed by KubeCube CubeNodeTaint = "node.kubecube.io" // CubeCnAnnotation is the annotation of cluster contains cluster cn name CubeCnAnnotation = "cluster.kubecube.io/cn-name" )
View Source
const ( // HncInherited means resource is inherited form upon namespace by hnc HncInherited = "hnc.x-k8s.io/inherited-from" HncTenantLabel = "kubecube.hnc.x-k8s.io/tenant" HncProjectLabel = "kubecube.hnc.x-k8s.io/project" /* Namespace depth is relative to current namespace depth. Example: tenant-1 └── [s] project-1 └── [s] ns-1 ns-1 namespace has three depth label: 1. ns-1.tree.hnc.x-k8s.io/depth: "0" 2. project-1.tree.hnc.x-k8s.io/depth: "1" 3. tenant-1.tree.hnc.x-k8s.io/depth: "2" */ HncCurrentDepth = "0" HncProjectDepth = "1" HncTenantDepth = "2" // HncSuffix record depth of namespace in HNC HncSuffix = ".tree.hnc.x-k8s.io/depth" // HncAnnotation must exist in sub namespace HncAnnotation = "hnc.x-k8s.io/subnamespace-of" )
hnc related const
View Source
const ( // AllVerb all verbs AllVerb = "*" // CreateVerb create resource CreateVerb = "create" // GetVerb get resource GetVerb = "get" // UpdateVerb update resource UpdateVerb = "update" // DeleteVerb delete resource DeleteVerb = "delete" // ListVerb list resource ListVerb = "list" )
rbac role verbs
View Source
const ( Writable = "writable" Readable = "readable" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.